LDAP import without matches

Gutelade

Hello everyone,
I am currently trying to import users via the grommunio admin console (browser). The LDAP connection check (LDAPS via port 636, Windows domain) is successful. When I try to import all users from the stored LDAP base DN using the ‘Import users’ button, I get 0 out of 0, meaning that nothing is found. The LDAP template is Active Directory. The LDAP filter set for user search seems to be correct ((objectclass=user)). What could be the problem?

WalterH

Do you use a self signed certificate? If yes you need to edit: /etc/openldap/ldap.conf and add 3 lines:

URI     ldaps://icc-ad1.custoemr.local:636 ldaps://icc-ad2.custoemr.local:636
BASE    OU=HIE,DC=customer,DC=local
TLS_REQCERT allow

Replace the URI and the BASE with your data.
Hope this helps.

Gutelade

Thnx for replying
Yes, self-signed.
I have adjusted the conf file, Base=Distinguished name from the domain controller (Ldap server). Unfortunately, still no users found.

WalterH

The domain in the grommunio configuration and the domain in the mail address of the contacts match?

Gutelade

i think so:
ldaps://ldap-server.ad.domain.de:636 (ldap-konfiguration)
Under "domain": "domain.de"
My guess is that the root certificate of the certificate used for LDAPS needs to be imported into Grommunio. Am I right? Unfortunately, I am (still) quite inexperienced with Linux: do you have any instructions for this?

WalterH

Gutelade My guess is that the root certificate of the certificate used for LDAPS needs to be imported into Grommunio.

No you do not need to import the certificate, the parameter TLS_REQCERT allow manage this.

Gutelade

Okidoki, thx.
So you think it's just down to the domain configuration in the grommunio configuration, right? Is there perhaps a log file in grommunio that might contain helpful information?

WalterH

Can you post the LDAP configuration: /etc/gromox/ldap_adaptor.cfg. Mask all sensitive information.

Gilligan

We have the same problem. It seems it is a bug. But there is a workaround:

So you can import single user.